180. Threat Actors Abuse Legitimate Java Utility to Load Snake Keylogger
Hello everyone!
Even cybercrime actors evolve their techniques and are adding DLL side-loading to their arsenal. Recently I spotted Snake Keylogger distributors abusing jsadebugd.exe to sideload a malicious DLL. This case is covered publicly in this report by Lab52.
If we look at VirusTotal, for example, we can see that this legitimate executable was uploaded there with lots of interesting filenames:
It means it's widely abused by threat actors, and it's a good idea to search for renamed executables:
event_type: "processcreatewin"
AND
proc_file_originalfilename: "jsadebugd.exe"
AND NOT
proc_file_name: "jsadebugd.exe"
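The same logic as the query above, as an added example that is not part of the original post: it runs over a handful of constructed process-creation events (the event records and the `SAMPLE_EVENTS` name are assumptions for this example; the field names mirror the query) and flags those whose PE version-info OriginalFilename is jsadebugd.exe while the file on disk carries a different name. It goes slightly beyond the exact-match query in two ways: it compares names case-insensitively, since Windows file names are case-insensitive and an upper-cased copy is not a rename, and it strips any directory prefix before comparing.

```python
"""Added example, not from the original post: detect renamed copies of
jsadebugd.exe by comparing the PE OriginalFilename recorded in process
creation telemetry with the file name actually executed."""
import ntpath

# Original file names (from PE version info) that are known to be abused
# for DLL side-loading; jsadebugd.exe is the one from the post.
WATCHED_ORIGINAL_NAMES = {"jsadebugd.exe"}

# Constructed sample telemetry for this example; field names follow the query.
SAMPLE_EVENTS = [
    # legitimate, unrenamed binary
    {"event_type": "processcreatewin", "proc_file_name": "jsadebugd.exe",
     "proc_file_originalfilename": "jsadebugd.exe"},
    # renamed copy: the case the query is hunting for
    {"event_type": "processcreatewin",
     "proc_file_name": r"C:\Users\Public\update.exe",
     "proc_file_originalfilename": "jsadebugd.exe"},
    # differs only in case, so not a rename on Windows
    {"event_type": "processcreatewin", "proc_file_name": "JSADEBUGD.EXE",
     "proc_file_originalfilename": "jsadebugd.exe"},
    # unrelated binary
    {"event_type": "processcreatewin", "proc_file_name": "notepad.exe",
     "proc_file_originalfilename": "NOTEPAD.EXE"},
    # wrong event type; the query scopes to process creation only
    {"event_type": "filecreatewin", "proc_file_name": "svc.exe",
     "proc_file_originalfilename": "jsadebugd.exe"},
    # version info absent (unsigned or stripped binary): cannot judge
    {"event_type": "processcreatewin", "proc_file_name": "svc.exe"},
]


def is_renamed_watched_binary(event, watched=WATCHED_ORIGINAL_NAMES):
    """True if a process-creation event runs a watched binary under a
    different file name than its PE OriginalFilename."""
    if event.get("event_type") != "processcreatewin":
        return False
    original = event.get("proc_file_originalfilename")
    name = event.get("proc_file_name")
    if not original or not name:
        # Missing version info is a separate hunt, not a rename match.
        return False
    original = original.lower()
    if original not in watched:
        return False
    # proc_file_name may carry a full path; compare the base name only.
    return ntpath.basename(name).lower() != original


def find_renamed(events, watched=WATCHED_ORIGINAL_NAMES):
    """Return the subset of events that match the rename rule."""
    return [e for e in events if is_renamed_watched_binary(e, watched)]


if __name__ == "__main__":
    for hit in find_renamed(SAMPLE_EVENTS):
        print("renamed %s executed as %s" % (
            hit["proc_file_originalfilename"], hit["proc_file_name"]))
```

If your SIEM's string match is case-sensitive, the query as written would also fire on an upper-cased but otherwise unmodified jsadebugd.exe; folding case before comparing, as above, removes that noise. Events with no OriginalFilename at all are deliberately skipped here rather than flagged.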
See you tomorrow!